SSH bruteforce break attempts made to my personal server

This is just a quick post to show you why you must at least try to configure properly you ssh servers. Today, reading my server logs I realized a big number of login failures into my server and I thought about collecting some numbers about these attempts.

All login attempts have the same signature on the logs, it’s something like this:

Running a whois on the IP’s show me that the attacks comes from many different places including: China, Japan, Nigeria and US.

All attempts were made between April 2011 and April 2012. What I want to show you is that you need to take care of your ssh server configuration because one of these attempts could be successful. The first thing I do with any new ssh server is to disable login/password authentication and only accept ssh keys authentication. This is already a good start. =)

Thanks for reading.

Update: My great friend Denilson just pointed out that count.py has the very same effect of uniq -c. Thanks for the tip!